[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Pinky command
From: |
Hemant . Rumde |
Subject: |
Pinky command |
Date: |
Wed, 11 Nov 2009 11:18:57 -0500 |
Hi GNU Bug fixers,
I am old school and has been using finger ( without fingerd for security
reasons ) on Unix.
Today I came across pinky on RedHat Linux. The man page of this command
specified your email address.
In old days, attackers used to create .project symbolic to passwd and
group files to get the
List of login ids and group via fingerd. I guess, Sun had fixed this
long back in
Solaris. However in pinky, I can use symbolic link to /etc/passwd and
/etc/group.
$ cd <--- Go to home dir
$ ln -s .project /etc/passwd
$ pinky -l mylogin
Pinky follows symlink of .project. I guess, Pinky should avoid .project
if it is a symlink.
Hemant
ING U.S. Financial Services
Shared Application Engineering - Enabling Technologies
Phone: 617-376-4298
address@hidden
www.ing-usa.com
ING. Your future. Made easier.SM
---------------------------------------------------------
NOTICE: The information contained in this electronic mail message is
confidential and intended only for certain recipients. If you are not an
intended recipient, you are hereby notified that any disclosure, reproduction,
distribution or other use of this communication and any attachments is strictly
prohibited. If you have received this communication in error, please notify
the sender by reply transmission and delete the message without copying or
disclosing it.
============================================================================================